PKCS11/MSH compatible BCCSP SKI gen

This change-set introduces a new way to compute the SKI
of bccsp keys that is based on what happen in the PKCS11/HSM
world. The SKI of a private key is compute as SHA-256
of the der representation of the corresponding public key.
For AES keys, they are prepended by 0x01, for scoping,
and then hashed.

Change-Id: Id4c5d4a80bdfe07feb39bebd235e0625994bf91c
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

core/crypto/bccsp/sw/aeskey.go

@@ -41,6 +41,7 @@ func (k *aesPrivateKey) Bytes() (raw []byte, err error) {
 // SKI returns the subject key identifier of this key.
 func (k *aesPrivateKey) SKI() (ski []byte) {
 	hash := sha256.New()
+	hash.Write([]byte{0x01})
 	hash.Write(k.privKey)
 	return hash.Sum(nil)
 }

core/crypto/bccsp/sw/ecdsakey.go

@@ -24,8 +24,9 @@ import (
 
 	"errors"
 
+	"crypto/elliptic"
+
 	"github.com/hyperledger/fabric/core/crypto/bccsp"
-	"github.com/hyperledger/fabric/core/crypto/bccsp/utils"
 )
 
 type ecdsaPrivateKey struct {
@@ -40,9 +41,14 @@ func (k *ecdsaPrivateKey) Bytes() (raw []byte, err error) {
 
 // SKI returns the subject key identifier of this key.
 func (k *ecdsaPrivateKey) SKI() (ski []byte) {
-	raw, _ := utils.PrivateKeyToDER(k.privKey)
-	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
+	if k.privKey == nil {
+		return nil
+	}
+
+	// Marshall the public key
+	raw := elliptic.Marshal(k.privKey.Curve, k.privKey.PublicKey.X, k.privKey.PublicKey.Y)
 
+	// Hash it
 	hash := sha256.New()
 	hash.Write(raw)
 	return hash.Sum(nil)
@@ -82,9 +88,14 @@ func (k *ecdsaPublicKey) Bytes() (raw []byte, err error) {
 
 // SKI returns the subject key identifier of this key.
 func (k *ecdsaPublicKey) SKI() (ski []byte) {
-	raw, _ := utils.PublicKeyToPEM(k.pubKey, nil)
-	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
+	if k.pubKey == nil {
+		return nil
+	}
+
+	// Marshall the public key
+	raw := elliptic.Marshal(k.pubKey.Curve, k.pubKey.X, k.pubKey.Y)
 
+	// Hash it
 	hash := sha256.New()
 	hash.Write(raw)
 	return hash.Sum(nil)

core/crypto/bccsp/sw/rsakey.go

@@ -24,10 +24,18 @@ import (
 
 	"errors"
 
+	"encoding/asn1"
+	"math/big"
+
 	"github.com/hyperledger/fabric/core/crypto/bccsp"
-	"github.com/hyperledger/fabric/core/crypto/bccsp/utils"
 )
 
+// rsaPublicKey reflects the ASN.1 structure of a PKCS#1 public key.
+type rsaPublicKeyASN struct {
+	N *big.Int
+	E int
+}
+
 type rsaPrivateKey struct {
 	privKey *rsa.PrivateKey
 }
@@ -39,13 +47,18 @@ func (k *rsaPrivateKey) Bytes() (raw []byte, err error) {
 }
 
 // SKI returns the subject key identifier of this key.
-func (k *rsaPrivateKey) SKI() (gski []byte) {
+func (k *rsaPrivateKey) SKI() (ski []byte) {
 	if k.privKey == nil {
 		return nil
 	}
 
-	raw := x509.MarshalPKCS1PrivateKey(k.privKey)
+	// Marshall the public key
+	raw, _ := asn1.Marshal(rsaPublicKeyASN{
+		N: k.privKey.N,
+		E: k.privKey.E,
+	})
 
+	// Hash it
 	hash := sha256.New()
 	hash.Write(raw)
 	return hash.Sum(nil)
@@ -88,9 +101,17 @@ func (k *rsaPublicKey) Bytes() (raw []byte, err error) {
 
 // SKI returns the subject key identifier of this key.
 func (k *rsaPublicKey) SKI() (ski []byte) {
-	raw, _ := utils.PublicKeyToPEM(k.pubKey, nil)
-	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
+	if k.pubKey == nil {
+		return nil
+	}
+
+	// Marshall the public key
+	raw, _ := asn1.Marshal(rsaPublicKeyASN{
+		N: k.pubKey.N,
+		E: k.pubKey.E,
+	})
 
+	// Hash it
 	hash := sha256.New()
 	hash.Write(raw)
 	return hash.Sum(nil)